In the wake of remote working, Zoom has become one of the most essential tools for video conferencing. This blog discusses how you can configure single sign-on (SSO) for Zoom with WSO2 Identity Server.

When SSO is configured and enabled for your organization on Zoom, it allows your employees to log in using the organization's WSO2 Identity Server user credentials. The users need not have separate user accounts on Zoom. Zoom SSO (based on SAML 2.0) will automatically provision the users based on the SAML response from WSO2 Identity Server. Furthermore, this allows identity admins to create users, update user information, and deactivate users in Zoom via WSO2 Identity Server.

The initial authentication flow for a user would be as follows after the configuration:

I will now explain how to configure WSO2 Identity Server and Zoom, and how to test the configuration.

Before you begin, please make sure that you have the following:

- Zoom owner or admin privileges
- Business or Education account with approved Vanity URL
- Enabled Single Sign-On
- WSO2 Identity Server admin privileges

Configuring WSO2 Identity Server

Before Zoom can send requests to WSO2 Identity Server, the Zoom client must be added as a service provider on WSO2 Identity Server. To register Zoom as a service provider in WSO2 Identity Server, simply follow these steps:

1. Sign in to the Management Console.
2. On the Main menu, click Identity > Service Providers > Add.
3. Fill in the Service Provider Name and Description (optional) of the service provider as follows.
4. Click Register to add the new service provider.
5. Next, enter a suitable name for the service provider in the Service Provider Name text box.

Claim Configuration

We need to configure the claims for the service provider on WSO2 Identity Server configurations. First, click on the Claim Configuration tab:

From the expanded menu, set the Claim Mapping Dialect to Use Local Claim Dialect and click on Add Claim URI that is against the Requested Claims field. Add the claims as follows. Then, set the Subject Claim URI to https://wso2.com/claims/emailaddress

Inbound Authentication Configuration

Under the Inbound Authentication Configuration section, click SAML2 Web SSO Configuration and click on Configure. Select Manual Configuration and enter the required details as given below:

- Issuer - https://yourcompany.zoom.us
- Assertion Consumer URL - https://yourcompany.zoom.us/saml/SSO
- NameID format - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

Please refer to Configuring SAML2 Web SSO when completing the other fields.

After entering the details, click on Download IDP Metadata and Register at the bottom. Save the IdP metadata file since it is required for the Zoom configuration.

Configuring Zoom

Log in to Zoom as an administrator. To enter your SSO information, go to https://zoom.us/account/sso

You will be prompted with the above SAML SSO configuration page. Fill in the fields with the details from the IdP metadata file:

1. First, open the IdP metadata file downloaded earlier and find the SingleSignOnService Location, SingleLogoutService Location, and X509Certificate values.
2. In the Sign-in page URL text box, paste the SingleSignOnService Location value from the IdP metadata file.
3. In the x.509 Certificate text box, paste the X509Certificate value from the IdP metadata file. (Note: Remove the Begin Certificate and End Certificate.)
4. From the Service Provider (SP) Entity ID drop-down list, select the https URL.
5. In the Issuer (IDP Entity ID) text box, paste the entityID value from the IdP metadata file.
6. For Binding, select http-post or http-redirect.
7. Select the default user type (Basic or Pro) accordingly.
8. Click Save Changes.

Mapping Basic Information

First, go to https://zoom.us/account/sso for the Single Sign-On configurations. There, click on the SAML Response Mapping tab.

The first section of this page covers Basic SAML Information Mapping. Add the Source Attribute listed below for the corresponding value. This should be identical to the claim URIs we previously configured in WSO2 Identity Server.

Testing the Integration

To start, all SSO users need to access https://yourcompany.zoom.us to log in using a browser, or if you log in from the desktop or mobile client, you need to enter the domain name of your vanity URL under SSO login.

Then, you will be redirected to WSO2 Identity Server for authentication. Upon successful authentication, the user would be signed in to the respective Zoom account.

Previously published at https://medium.com/@htamahc/configuring-single-sign-on-for-zoom-with-wso2-identity-server-fdac62566c0a
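The metadata step under Configuring Zoom can be scripted instead of copied by hand. The following is an added example, not code from the original post or from WSO2 or Zoom: it pulls the values named above out of an IdP metadata file, strips the certificate down to bare base64, refuses non-https endpoints, and prints a SHA-256 fingerprint you can compare against the IdP's signing certificate. The sample metadata, the host idp.example.com, and the function names are constructed for illustration.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Constructed sample: the host name and certificate bytes are placeholders.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="idp.example.com">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data><X509Certificate>
   MIICQUJDQUJDQUJDQUJDQUJDQUJDQUJD
   QUJDQUJDQUJDQUJDQUJDQUJDQUJDQUJD
  </X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleLogoutService Binding="{BINDINGS}HTTP-Redirect" Location="https://idp.example.com:9443/samlsso"/>
  <SingleSignOnService Binding="{BINDINGS}HTTP-Redirect" Location="https://idp.example.com:9443/samlsso"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

def clean_certificate(text):
    """Drop PEM BEGIN/END lines and whitespace, leaving bare base64."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s+", "", text)
    if not body:
        raise ValueError("metadata has no signing certificate")
    base64.b64decode(body, validate=True)  # raises if the value is not base64
    return body

def zoom_sso_fields(metadata_xml, binding="HTTP-Redirect"):
    """Map IdP metadata values onto the Zoom SSO fields named in the post."""
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("unexpected DTD in SAML metadata")
    root = ET.fromstring(metadata_xml)
    def location(tag):
        # Accept only an https endpoint that matches the chosen binding.
        for el in root.findall(f"md:IDPSSODescriptor/md:{tag}", NS):
            url = el.get("Location", "")
            if el.get("Binding") == BINDINGS + binding and url.startswith("https://"):
                return url
        raise ValueError(f"no https {tag} endpoint for {binding}")
    cert = clean_certificate(root.findtext(
        "md:IDPSSODescriptor/md:KeyDescriptor//ds:X509Certificate", "", NS))
    return {
        "Sign-in page URL": location("SingleSignOnService"),
        "SingleLogoutService Location": location("SingleLogoutService"),
        "x.509 Certificate": cert,
        "Issuer (IDP Entity ID)": root.get("entityID"),
        "certificate SHA-256": hashlib.sha256(base64.b64decode(cert)).hexdigest(),
    }
```

Call `zoom_sso_fields(open("metadata.xml").read())` on the downloaded file (the file name is an assumption) and pass `binding="HTTP-POST"` if that is the binding you select in Zoom.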